Methods and systems for cryptographically protecting secure content

ABSTRACT

Methods and systems are provided for cryptographically protecting secure content in connection with a graphics subsystem of a computing device. Techniques are implemented to encrypt the contents of video memory so that unauthorized software cannot gain meaningful access to it, thereby maintaining confidentiality. Moreover, a mechanism for tamper detection is provided so that there is awareness when data has been altered in some fashion, thereby maintaining integrity. In various embodiments, the contents of overlay surfaces and/or command buffers are encrypted, and/or the GPU is able to operate on encrypted content while preventing its availability to untrusted parties, devices or software.

COPYRIGHT NOTICE AND PERMISSION

[0001] A portion of the disclosure of this patent document may containmaterial that is subject to copyright protection. The copyright ownerhas no objection to the facsimile reproduction by anyone of the patentdocument or the patent disclosure, as it appears in the Patent andTrademark Office patent files or records, but otherwise reserves allcopyright rights whatsoever. The following notice shall apply to thisdocument: Copyright C) 2001, Microsoft Corp.

FIELD OF THE INVENTION

[0002] This patent application relates to commonly assigned copendingU.S. Patent Application No. ______, filed Month DD, YYYY, entitled“Methods and Systems for Authentication of Components in a GraphicsSystem.”

FIELD OF THE INVENTION

[0003] The present invention relates to methods and systems forcryptographically protecting secure content. More particularly, thepresent invention relates to techniques for cryptographically securingcontent routed through a graphics pipeline, providing bothconfidentiality and tamper protection with respect to the content.

BACKGROUND OF THE INVENTION

[0004] The Internet and many other sources and applications now providea vast array of streaming and fixed media or other content forlistening, viewing, processing, storing and otherwise rendering.However, currently there is no practical way of capturing, recording orrendering the streaming or fixed media or content in a copy-protectedmanner so that a pirate cannot tap into the stream at some point alongthe pipeline, either as the content is being processed or as the contentis being rendered, and take possession of a copy of or alter thecontent. This problem has existed in connection with other mediarendering and recording devices in the past, e.g., VCRs for televisioncontent, or tape recorders for audio signals, but with at least one keydifference. Since digital media content can be recorded with virtuallyno signal loss, this poses a “risk” for copyright owners that theirworks will be freely shared (pirated) without compensation. With VCRsand tape recorders, the device(s) and transmission media invite noise orcorruption of data into the recording process. With streaming or fixeddigital media, there is no reason why virtually lossless conversions andre-transmissions cannot be effected, at least to the limits of human earand eye capabilities, and there is no reason why unadulterated digitaldata cannot be stored and freely distributed. Thus, it would bedesirable to prevent unfettered re-distribution of digital data becausethere is little difference between what copyright owners can provide fora fee and what a pirate can provide for free. Moreover, with respect tocommunications that are desired to be confidential, such as e-commercetransactions, it is important to the user engaged in the dialog that nounauthorized third party be privy to the transactions. Thus, withrespect to content from a trusted source, there is currently nopractical way for the data to be “securely” processed or rendered on auser's computer without preventing piracy, or corruption.

[0005] In particular, once the content is pipelined among a hostcomputing system, one or more graphics processing units (GPUs), and arendering device, e.g., a monitor, there are a number of opportunitiesfor a pirate or other unauthorized third party to camp on a line orsignal, and either pirate or corrupt the signal. Moreover, as userdialogs become more sophisticated via messaging services and videoteleconferencing, providing a trusted pipeline for secure content fromwherever originated becomes all the more important moving forward.

[0006] Furthermore, it is clear that future generations of operatingsystems, computing devices and applications will utilize more computingpower from the GPUs for business applications, as opposed to drawingmost computing power from the CPUs as in today's personal computers(PCs). Thus, ensuring that content that is sent to the GPUs via “trustedgraphics” applications will be a fundamental feature for futurecomputing devices, and one not addressed adequately by present computingsystems.

[0007] This problem of providing a secure pipeline for trusted contentcan be thought of as being twofold: (1) one must ensure that the trustedcontent cannot be copied or viewed at some weak point during thepipeline (confidentiality) and (2) one must ensure that the pipelineprevents unauthorized corruption of data in the pipeline (protected). Inthe context of system security, complexity is a liability because itmakes it more difficult to prove a system's security. As with an airportor other security scenario, the more entry and exit points there are inthe system, the more difficult it becomes to ensure security. In thisregard, presently there is no means by which the bulk of GPUfunctionality and the display driver(s) can be trusted in terms of bothconfidentiality and protectability. Thus, it would be desirable toimplement a trusted graphics environment in connection with a computingdevice which receives content from a trusted source, such that a user ofthe device can be assured that the content cannot be copied withoutauthorization and cannot be tampered or altered by a third party.

SUMMARY OF THE INVENTION

[0008] In view of the foregoing, the present invention provides methodsand systems for cryptographically protecting secure content inconnection with a graphics subsystem of a computing device. Techniquesare implemented to encrypt the contents of video memory so thatunauthorized software cannot gain meaningful access to it, therebysatisfying the goal of confidentiality. Moreover, a mechanism for tamperdetection is provided so that there is awareness when data has beenaltered in some fashion, thereby satisfying the goal of protectability.In various embodiments, the invention describes how to encrypt thecontents of overlay surfaces and/or command buffers, and/or describeshow to enable the GPU to operate on encrypted content while preventingits availability to untrusted parties, devices or software.

[0009] The methods of the invention variously include techniques forcryptographically protecting secure content in connection with a trustedgraphics system having video memory, graphics processing unit(s)(GPU(s)) and a cryptographic processing device communicatively coupledto the GPU(s), comprising requesting, by an application or device, thegraphics system to perform processing or rendering of secure content,wherein the requesting includes transmitting by the application ordevice a session key to the graphics system and transmitting the securecontent to encrypted portion(s) of the video memory, decrypting thecontent of the encrypted portion(s) of video memory by the GPU(s) incommunication with the cryptographic processing device, performing theprocessing or rendering on the decrypted content by the GPU(s) andoutputting the content from the GPU(s).

[0010] Similar methods of the invention variously include requesting, byan application or device, the graphics system to perform processing orrendering of secure content, wherein the requesting includestransmitting by the application or device a session key to the graphicssystem for verification by the cryptographic processing device andtransmitting the secure content to encrypted portion(s) of the videomemory, decrypting the content of the encrypted portion(s) of videomemory by a decryption mechanism of an input unit of the GPU(s), whereinthe decryption mechanism is in communication with the cryptographicprocessing device, performing the processing or rendering on thedecrypted content by the GPU(s), encrypting the content with anencryption/decryption mechanism of an output unit of the GPU(s) andoutputting the encrypted content from the GPU(s).

[0011] Other features and embodiments of the present invention aredescribed below.

BRIEF DESCRIPTION OF THE DRAWINGS

[0012] The methods and systems for cryptographically protecting securecontent in accordance with the present invention are further describedwith reference to the accompanying drawings in which:

[0013]FIG. 1A is a block diagram representing an exemplary networkenvironment having a variety of computing devices in which the presentinvention may be implemented;

[0014]FIG. 1B is a block diagram representing an exemplary non-limitingcomputing device in which the present invention may be implemented;

[0015]FIG. 2 is a flow diagram illustrating unprotected parts of agraphics pipeline which are protected in accordance with the invention;

[0016]FIGS. 3A and 3B are block diagrams illustrating exemplary aspectsof a first layer of security in accordance with the invention;

[0017]FIGS. 4A to 4C are block diagrams illustrating exemplary aspectsof a second layer of security in accordance with the invention;

[0018]FIGS. 5A to 5B illustrate exemplary swizzling of an AYUV/ARGBformat in accordance with the invention;

[0019]FIGS. 6A to 6B illustrate exemplary swizzling of a YUY2 format inaccordance with the invention;

[0020]FIGS. 7A to 7B illustrate exemplary swizzling of a packed planarformat in accordance with the invention;

[0021]FIGS. 8A and 8B are block diagrams illustrating exemplary aspectsof a third layer of security in accordance with the invention; and

[0022]FIGS. 9A and 9B are block diagrams illustrating exemplaryencryption techniques that may be applied to the output from a graphicsprocessing unit in accordance with the invention.

DETAILED DESCRIPTION OF THE INVENTION

[0023] Overview

[0024] This present invention provides systems and techniques foraugmenting an operating system, or other intermediary between contentfrom a trusted source and a graphics system for processing, and/orrendering the content in order to enable ‘trusted graphics’applications, such as tamper-resistant, confidential dialogs and theplayback of premium content that is resistant to unauthorizedduplication. One way of viewing the invention is that it provides three‘levels’ of security: (1) encryption of the contents of overlay surfaces(2) enabling the GPU, or other coprocessing device, to operate onencrypted content without making it available to untrusted parties and(3) enabling command buffers to be encrypted.

[0025] As mentioned, in the context of system security, complexity is aliability because it makes it more difficult to prove a system'ssecurity. As a result, the invention begins by considering that the bulkof GPU functionality and the display driver(s) must be considereduntrustable. The invention then applies techniques that increase thechances of a correct implementation in terms of confidentiality andprotectability by limiting the scope of the hardware that may beimplemented to meet the criteria for security.

[0026] Some terminology in accordance with the invention has alreadybeen discussed above. However, for the sake of clarity, some terms willnow be emphasized. The term confidential refers to the prevention of anuntrusted third party, such as a third party device or software, fromgaining access to the trusted content information. An example of suchconfidentiality includes preventing an untrusted third party fromgaining access to the playback of encrypted premium video contentanywhere along the graphics pipeline. The term protected refers to theprevention of an untrusted third party, such as a third party device orsoftware, from gaining access to or changing the trusted contentinformation without being detected. An example of such protectabilityincludes preventing an untrusted third party from gaining access to oraltering the display of a secure dialog that might occur during ane-commerce transaction.

[0027] In this regard, the invention considers overlapping windows,e.g., a user interface on top of a premium content video streams, aswell as unobscurable windows, which might be present during ane-commerce dialogs.

[0028] Exemplary Network Environments

[0029] One of ordinary skill in the art can appreciate that a computeror other client or server device can be deployed as part of a computernetwork, or in a distributed computing environment. In this regard, thepresent invention pertains to any computer system having any number ofmemory or storage units, and any number of applications and processesoccurring across any number of storage units or volumes, which mayimplicate the trusted graphics regime of the invention. The presentinvention may apply to an environment with server computers and clientcomputers deployed in a network environment or distributed computingenvironment, having remote or local storage. The present invention mayalso be applied to standalone computing devices, having programminglanguage functionality, interpretation and execution capabilities forgenerating, receiving and transmitting information in connection withremote or local services.

[0030] Distributed computing facilitates sharing of computer resourcesand services by direct exchange between computing devices and systems.These resources and services include the exchange of information, cachestorage, and disk storage for files. Distributed computing takesadvantage of network connectivity, allowing clients to leverage theircollective power to benefit the entire enterprise. In this regard, avariety of devices may have applications, objects or resources that mayinteract to implicate trusted graphics pipeline(s) of the presentinvention.

[0031]FIG. 1A provides a schematic diagram of an exemplary networked ordistributed computing environment. The distributed computing environmentcomprises computing objects 10 a, 10 b, etc. and computing objects ordevices 110 a, 110 b, 110 c, etc. These objects may comprise programs,methods, data stores, programmable logic, etc. The objects may compriseportions of the same or different devices such as PDAs, televisions, MP3players, televisions, personal computers, etc. Each object cancommunicate with another object by way of the communications network 14.This network may itself comprise other computing objects and computingdevices that provide services to the system of FIG. 1A. In accordancewith an aspect of the invention, each object 10 or 110 may contain anapplication that might request trusted graphics resources.

[0032] It can also be appreciated that an object, such as 110 c, may behosted on another computing device 10 or 110. Thus, although thephysical environment depicted may show the connected devices ascomputers, such illustration is merely exemplary and the physicalenvironment may alternatively be depicted or described comprisingvarious digital devices such as PDAs, televisions, MP3 players, etc.,software objects such as interfaces, COM objects and the like.

[0033] There are a variety of systems, components, and networkconfigurations that support distributed computing environments. Forexample, computing systems may be connected together by wireline orwireless systems, by local networks or widely distributed networks.Currently, many of the networks are coupled to the Internet, whichprovides the infrastructure for widely distributed computing andencompasses many different networks.

[0034] In home networking environments, there are at least fourdisparate network transport media that may each support a uniqueprotocol such as Power line, data (both wireless and wired), voice(e.g., telephone) and entertainment media. Most home control devicessuch as light switches and appliances may use power line forconnectivity. Data Services may enter the home as broadband (e.g.,either DSL or Cable modem) and are accessible within the home usingeither wireless (e.g., HomeRF or 802.11b) or wired (e.g., Home PNA, Cat5, even power line) connectivity. Voice traffic may enter the homeeither as wired (e.g., Cat 3) or wireless (e.g., cell phones) and may bedistributed within the home using Cat 3 wiring. Entertainment media mayenter the home either through satellite or cable and is typicallydistributed in the home using coaxial cable. IEEE 1394 and DVI are alsoemerging as digital interconnects for clusters of media devices. All ofthese network environments and others that may emerge as protocolstandards may be interconnected to form an intranet that may beconnected to the outside world by way of the Internet. In short, avariety of disparate sources exist for the storage and transmission ofdata, and consequently, moving forward, computing devices will requireways of protecting content at all portions of the data processingpipeline

[0035] The Internet commonly refers to the collection of networks andgateways that utilize the TCP/IP suite of protocols, which arewell-known in the art of computer networking. TCP/IP is an acronym for“Transport Control Protocol/Interface Program.” The Internet can bedescribed as a system of geographically distributed remote computernetworks interconnected by computers executing networking protocols thatallow users to interact and share information over the networks. Becauseof such wide-spread information sharing, remote networks such as theInternet have thus far generally evolved into an open system for whichdevelopers can design software applications for performing specializedoperations or services, essentially without restriction.

[0036] Thus, the network infrastructure enables a host of networktopologies such as client/server, peer-to-peer, or hybrid architectures.The “client” is a member of a class or group that uses the services ofanother class or group to which it is not related. Thus, in computing, aclient is a process, i.e., roughly a set of instructions or tasks, thatrequests a service provided by another program. The client processutilizes the requested service without having to “know” any workingdetails about the other program or the service itself. In aclient/server architecture, particularly a networked system, a client isusually a computer that accesses shared network resources provided byanother computer e.g., a server. In the example of FIG. 1A, computers110 a, 110 b, etc. can be thought of as clients and computer 10 a, 10 b,etc. can be thought of as the server where server 10 a, 10 b, etc.maintains the data that is then replicated in the client computers 110a, 110 b, etc.

[0037] A server is typically a remote computer system accessible over aremote network such as the Internet. The client process may be active ina first computer system, and the server process may be active in asecond computer system, communicating with one another over acommunications medium, thus providing distributed functionality andallowing multiple clients to take advantage of the information-gatheringcapabilities of the server.

[0038] Client and server communicate with one another utilizing thefunctionality provided by a protocol layer. For example,Hypertext-Transfer Protocol (HTTP) is a common protocol that is used inconjunction with the World Wide Web (WWW). Typically, a computer networkaddress such as a Universal Resource Locator (URL) or an InternetProtocol (IP) address is used to identify the server or client computersto each other. The network address can be referred to as a UniversalResource Locator address. For example, communication can be providedover a communications medium. In particular, the client and server maybe coupled to one another via TCP/IP connections for high-capacitycommunication.

[0039] Thus, FIG. 1A illustrates an exemplary networked or distributedenvironment, with a server in communication with client computers via anetwork/bus, in which the present invention may be employed. In moredetail, a number of servers 10 a, 10 b, etc., are interconnected via acommunications network/bus 14, which may be a LAN, WAN, intranet, theInternet, etc., with a number of client or remote computing devices 110a, 110 b, 110 c, 110 d, 110 e, etc., such as a portable computer,handheld computer, thin client, networked appliance, or other device,such as a VCR, TV, oven, light, heater and the like in accordance withthe present invention. It is thus contemplated that the presentinvention may apply to any computing device in connection with which itis desirable to process, store or render secure content from a trustedsource.

[0040] In a network environment in which the communications network/bus14 is the Internet, for example, the servers 10 can be Web servers withwhich the clients 110 a, 110 b, 110 c, 110 d, 110 e, etc. communicatevia any of a number of known protocols such as HTTP. Servers 10 may alsoserve as clients 110, as may be characteristic of a distributedcomputing environment. Communications may be wired or wireless, whereappropriate. Client devices 110 may or may not communicate viacommunications network/bus 14, and may have independent communicationsassociated therewith. For example, in the case of a TV or VCR, there mayor may not be a networked aspect to the control thereof. Each clientcomputer 110 and server computer 10 may be equipped with variousapplication program modules or objects 135 and with connections oraccess to various types of storage elements or objects, across whichfiles may be stored or to which portion(s) of files may be downloaded ormigrated. Thus, the present invention can be utilized in a computernetwork environment having client computers 110 a, 110 b, etc. that canaccess and interact with a computer network/bus 14 and server computers10 a, 10 b, etc. that may interact with client computers 110 a, 110 b,etc. and other devices 111 and databases 20.

[0041] Exemplary Computing Device

[0042]FIG. 1B and the following discussion are intended to provide abrief general description of a suitable computing environment in whichthe invention may be implemented. It should be understood, however, thathandheld, portable and other computing devices and computing objects ofall kinds are contemplated for use in connection with the presentinvention. While a general purpose computer is described below, this isbut one example, and the present invention may be implemented with athin client having network/bus interoperability and interaction. Thus,the present invention may be implemented in an environment of networkedhosted services in which very little or minimal client resources areimplicated, e.g., a networked environment in which the client deviceserves merely as an interface to the network/bus, such as an objectplaced in an appliance. In essence, anywhere that data may be stored orfrom which data may be retrieved or rendered is a desirable, orsuitable, environment for operation of the cryptographic protection ofsecure content of the invention.

[0043] Although not required, the invention can be implemented via anoperating system, application programming interface (API), and/orincluded within application software that interfaces to trusted content.In various embodiments, the invention also applies to hardware whichconforms to interfacing, and encryption techniques described below.Software may be described in the general context of computer-executableinstructions, such as program modules, being executed by one or morecomputers, such as client workstations, servers or other devices.Generally, program modules include routines, programs, objects,components, data structures and the like that perform particular tasksor implement particular abstract data types. Typically, thefunctionality of the program modules may be combined or distributed asdesired in various embodiments. Moreover, those skilled in the art willappreciate that the invention may be practiced with other computersystem configurations. Other well known computing systems, environments,and/or configurations that may be suitable for use with the inventioninclude, but are not limited to, personal computers (PCs), automatedteller machines, server computers, hand-held or laptop devices,multi-processor systems, microprocessor-based systems, programmableconsumer electronics, network PCs, appliances, lights, environmentalcontrol elements, minicomputers, mainframe computers and the like. Theinvention may also be practiced in distributed computing environmentswhere tasks are performed by remote processing devices that are linkedthrough a communications network/bus or other data transmission medium.In a distributed computing environment, program modules may be locatedin both local and remote computer storage media including memory storagedevices, and client nodes may in turn behave as server nodes.

[0044]FIG. 1B thus illustrates an example of a suitable computing systemenvironment 100 in which the invention may be implemented, although asmade clear above, the computing system environment 100 is only oneexample of a suitable computing environment and is not intended tosuggest any limitation as to the scope of use or functionality of theinvention. Neither should the computing environment 100 be interpretedas having any dependency or requirement relating to any one orcombination of components illustrated in the exemplary operatingenvironment 100.

[0045] With reference to FIG. 1B, an exemplary system for implementingthe invention includes a general purpose computing device in the form ofa computer 110. Components of computer 110 may include, but are notlimited to, a processing unit 120, a system memory 130, and a system bus121 that couples various system components including the system memoryto the processing unit 120. The system bus 121 may be any of severaltypes of bus structures including a memory bus or memory controller, aperipheral bus, and a local bus using any of a variety of busarchitectures. By way of example, and not limitation, such architecturesinclude Industry Standard Architecture (ISA) bus, Micro ChannelArchitecture (MCA) bus, Enhanced ISA (EISA) bus, Video ElectronicsStandards Association (VESA) local bus, and Peripheral ComponentInterconnect (PCI) bus (also known as Mezzanine bus).

[0046] Computer 110 typically includes a variety of computer readablemedia. Computer readable media can be any available media that can beaccessed by computer 110 and includes both volatile and nonvolatilemedia, removable and non-removable media. By way of example, and notlimitation, computer readable media may comprise computer storage mediaand communication media. Computer storage media includes both volatileand nonvolatile, removable and non-removable media implemented in anymethod or technology for storage of information such as computerreadable instructions, data structures, program modules or other data.Computer storage media includes, but is not limited to, RAM, ROM,EEPROM, flash memory or other memory technology, CDROM, digitalversatile disks (DVD) or other optical disk storage, magnetic cassettes,magnetic tape, magnetic disk storage or other magnetic storage devices,or any other medium which can be used to store the desired informationand which can accessed by computer 110. Communication media typicallyembodies computer readable instructions, data structures, programmodules or other data in a modulated data signal such as a carrier waveor other transport mechanism and includes any information deliverymedia. The term “modulated data signal” means a signal that has one ormore of its characteristics set or changed in such a manner as to encodeinformation in the signal. By way of example, and not limitation,communication media includes wired media such as a wired network ordirect-wired connection, and wireless media such as acoustic, RF,infrared and other wireless media. Combinations of any of the aboveshould also be included within the scope of computer readable media.

[0047] The system memory 130 includes computer storage media in the formof volatile and/or nonvolatile memory such as read only memory (ROM) 131and random access memory (RAM) 132. A basic input/output system 133(BIOS), containing the basic routines that help to transfer informationbetween elements within computer 110, such as during start-up, istypically stored in ROM 131. RAM 132 typically contains data and/orprogram modules that are immediately accessible to and/or presentlybeing operated on by processing unit 120. By way of example, and notlimitation, FIG. 1B illustrates operating system 134, applicationprograms 135, other program modules 136, and program data 137.

[0048] The computer 110 may also include other removable/non-removable,volatile/nonvolatile computer storage media. By way of example only,FIG. 1B illustrates a hard disk drive 141 that reads from or writes tonon-removable, nonvolatile magnetic media, a magnetic disk drive 151that reads from or writes to a removable, nonvolatile magnetic disk 152,and an optical disk drive 155 that reads from or writes to a removable,nonvolatile optical disk 156, such as a CD ROM or other optical media.Other removable/non-removable, volatile/nonvolatile computer storagemedia that can be used in the exemplary operating environment include,but are not limited to, magnetic tape cassettes, flash memory cards,digital versatile disks, digital video tape, solid state RAM, solidstate ROM, and the like. The hard disk drive 141 is typically connectedto the system bus 121 through an non-removable memory interface such asinterface 140, and magnetic disk drive 151 and optical disk drive 155are typically connected to the system bus 121 by a removable memoryinterface, such as interface 150.

[0049] The drives and their associated computer storage media discussedabove and illustrated in FIG. 1B provide storage of computer readableinstructions, data structures, program modules and other data for thecomputer 110. In FIG. 1B, for example, hard disk drive 141 isillustrated as storing operating system 144, application programs 145,other program modules 146, and program data 147. Note that thesecomponents can either be the same as or different from operating system134, application programs 135, other program modules 136, and programdata 137. Operating system 144, application programs 145, other programmodules 146, and program data 147 are given different numbers here toillustrate that, at a minimum, they are different copies. A user mayenter commands and information into the computer 110 through inputdevices such as a keyboard 162 and pointing device 161, commonlyreferred to as a mouse, trackball or touch pad. Other input devices (notshown) may include a microphone, joystick, game pad, satellite dish,scanner, or the like. These and other input devices are often connectedto the processing unit 120 through a user input interface 160 that iscoupled to the system bus 121, but may be connected by other interfaceand bus structures, such as a parallel port, game port or a universalserial bus (USB). A graphics interface 182, such as Northbridge, mayalso be connected to the system bus 121. Northbridge is a chipset thatcommunicates with the CPU, or host processing unit 120, and assumesresponsibility for accelerated graphics port (AGP) communications. Oneor more graphics processing units (GPUs) 184 may communicate withgraphics interface 182. In this regard, GPUs 184 generally includeon-chip memory storage, such as register storage and GPUs 184communicate with a video memory 186. GPUs 184, however, are but oneexample of a coprocessor and thus a variety of coprocessing devices maybe included in computer 110. A monitor 191 or other type of displaydevice is also connected to the system bus 121 via an interface, such asa video interface 190, which may in turn communicate with video memory186. In general, it is this portion of a computing device that isvulnerable, and accordingly the present invention provides protectionand confidentiality of data being processed or rendered incidentthereto. In addition to monitor 191, computers may also include otherperipheral output devices such as speakers 197 and printer 196, whichmay be connected through an output peripheral interface 195.

[0050] The computer 110 may operate in a networked or distributedenvironment using logical connections to one or more remote computers,such as a remote computer 180. The remote computer 180 may be a personalcomputer, a server, a router, a network PC, a peer device or othercommon network node, and typically includes many or all of the elementsdescribed above relative to the computer 110, although only a memorystorage device 181 has been illustrated in FIG. 1B. The logicalconnections depicted in FIG. 1B include a local area network (LAN) 171and a wide area network (WAN) 173, but may also include othernetworks/buses. Such networking environments are commonplace in homes,offices, enterprise-wide computer networks, intranets and the Internet.

[0051] When used in a LAN networking environment, the computer 110 isconnected to the LAN 171 through a network interface or adapter 170.When used in a WAN networking environment, the computer 110 typicallyincludes a modem 172 or other means for establishing communications overthe WAN 173, such as the Internet. The modem 172, which may be internalor external, may be connected to the system bus 121 via the user inputinterface 160, or other appropriate mechanism. In a networkedenvironment, program modules depicted relative to the computer 110, orportions thereof, may be stored in the remote memory storage device. Byway of example, and not limitation, FIG. 1B illustrates remoteapplication programs 185 as residing on memory device 181. It will beappreciated that the network connections shown are exemplary and othermeans of establishing a communications link between the computers may beused.

[0052] Exemplary Distributed Computing Frameworks or Architectures

[0053] Various distributed computing frameworks have been and are beingdeveloped in light of the convergence of personal computing and theInternet. Individuals and business users alike are provided with aseamlessly interoperable and Web-enabled interface for applications andcomputing devices, making computing activities increasingly Web browseror network-oriented.

[0054] For example, MICROSOFT®'s Net platform includes servers,building-block services, such as Web-based data storage and downloadabledevice software. Generally speaking, the Net platform provides (1) theability to make the entire range of computing devices work together andto have user information automatically updated and synchronized on allof them, (2) increased interactive capability for Web sites, enabled bygreater use of XML rather than HTML, (3) online services that featurecustomized access and delivery of products and services to the user froma central starting point for the management of various applications,such as e-mail, for example, or software, such as Office Net, (4)centralized data storage, which will increase efficiency and ease ofaccess to information, as well as synchronization of information amongusers and devices, (5) the ability to integrate various communicationsmedia, such as e-mail, faxes, and telephones, (6) for developers, theability to create reusable modules, thereby increasing productivity andreducing the number of programming errors and (7) many othercross-platform integration features as well.

[0055] While exemplary embodiments herein are generally described inconnection with methods implemented by software residing on a computingdevice, one or more portions of the invention may also be implementedvia an operating system, application programming interface (API) or a“middle man” object between a coprocessor and inviolate content, suchthat the trusted content services may be performed by, supported in oraccessed via all of .NET's languages and services, and in otherdistributed computing frameworks as well. Moreover, it can beappreciated that one or more of the techniques described in accordancewith the invention may implicate changes to hardware, such as changes tothe GPU to conform to the techniques.

[0056] Cryptogaphically Protecting Secure Content

[0057] The present invention thus provides methods and systems foraugmenting an operating system, or any platform, to enable “trustedgraphics” applications, such as tamper-resistant, confidential dialogsand to enable playback of content in a way that is resistant tounauthorized duplication. The problem solved by the present invention isillustrated by FIG. 2 in which encrypted premium content 200 is beingshown passed to or generated by a trusted software application TS.Incident to the use of the trusted software TS, the content 200 mayimplicate functionality of the GPU 265 prior to rendering (or other use)of the content 200 via a rendering device 295. Such content 200 will bepassed from the system or host memory 230 to the video memory 260 forprocessing by the GPU 265. The dotted line in FIG. 2 illustrates wherethe security problem is. As related in the background, no present daysystems properly ensure protected and confidential delivery of contentthrough the elements surrounded by the dotted line. From the standpointof the trusted software TS, the first problem is whether or not thecomponents inside the dotted line can be trusted with the content beforehanding off the content to the GPU. Assuming the trusted software TS canauthenticate the components inside the dotted line properly, the secondproblem from the standpoint of the trusted software TS is that trustedsoftware TS must be reasonably sure that, once the data is handed offinto the dotted line, the data will not be altered. The presentinvention addresses both types of problems in various embodimentsdescribed below. In various ways, the methods and systems areimplemented by (1) encrypting the contents of overlay surfaces (2)enabling the GPU to operate on the encrypted content without making itavailable to untrusted applications or parties and (3) encrypting thecontent of command buffers.

[0058] A first aspect to the trusted graphics processing and renderingproblem addressed by the invention relates to the provision of acryptographic (sometimes herein referred to as ‘crypto’) processor andindexed key management. Commonly assigned copending U.S. patentapplication Ser. No. ______ (the ‘CCC application), filed Month DD,YYYY, entitled “Methods and Systems for Authentication of Components ina Graphics System” teaches techniques for authenticating component(s) inconnection with a graphics system, as described below. It is to beunderstood, however, that the invention presumes that authentication hasoccurred and thus any authentication techniques may be leveraged toprovide a trusted graphics platform as described in the variousembodiments of the invention below.

[0059] Exemplary Authentication

[0060] In this regard, secure graphics cards must be able toauthenticate themselves as such. In particular, trusted software must beable to distinguish a secure graphics card from a traditional graphicscard or a circumvention device, such as a spoof. In addition, trustedsoftware must be able to reveal cryptographic keys to the graphics cardand be able to verify that the receiver of the keys is indeed a securegraphics card. For this purpose, secure graphics cards are equipped witha crypto processor in accordance with the invention, which performs thecryptographic tasks of authentication and key transport.

[0061] With respect to hardware, crypto processors are provided inaccordance with the invention, which are individualized and certifiedduring manufacture. Each crypto processor contains a unique privatedecryption key K_(priv). While many different encryption and decryptionalgorithms are contemplated in accordance with the invention and knownto those in the cryptographic arts, for context, the algorithm describedherein is RSA and the key length is 1024 bits, both non-limiting designchoices, which may be tailored according to well-known tradeoffsdepending upon the application and security level(s) desired.

[0062] In this regard, the crypto processor is permanently attached tothe graphics card, either by adding it to an existing chip or adding itas a separate chip to the card. The crypto processor implements a publickey crypto algorithm, as described in more detail below and hides aunique private key. In this regard, such a crypto processor can performa public key decryption quickly with today's silicon technologies.However, the crypto processor may also include a public key acceleratorand may implement a symmetric cipher (AES) and some control logic.

[0063] In one exemplary non-limiting embodiment, the crypto processorincludes the following volatile registers: (1) a 256 bit register S forthe session key. The lifetime of this key is typically the running timeof the trusted software and (2) an array of a plurality of index keys.Each key may be 128 bits long, although other choices may be suitable.Each key is associated with a particular window and is used by thegraphics card to decrypt its contents. The lifetime of each key isgoverned by instructions from the trusted software.

[0064] As mentioned, the crypto processor of the invention ispermanently attached to the graphics card. Thus, there is required ameans to securely interface with the crypto processor in order to makeuse of its functionality. As to interfacing with the crypto processor,the present invention considers at least two techniques: (a) an externalinterface to the trusted software TS and (b) an interface to the GPU265. The former interface—at least in its cryptographic aspects must bestandardized. The latter interface can be implementation specific, butshould adhere to the overall guidelines set forth below.

[0065] With respect to the external interface implementation, theexternal interface uses a private key (PK) encryption protocol forauthentication and key transport. Under this protocol, the trustedsoftware TS encrypts a session key with the public key of the cryptoprocessor. The crypto processor receives the resulting cryptoblob anddecrypts it with its private key, thus obtaining the session key. Now,the trusted software and the crypto processor share a secret. Thetrusted software can use this session key to send instructions to thecrypto processor.

[0066] In one non-limiting embodiment, the external interface is exposedthrough the following functions by the crypto processor:

[0067] The function SetSessionKey( ) performs the initial authenticationstep and key transport. It is the only function the accesses the publickey functionality of the crypto processor. Thus, in one embodiment, thepresent invention contemplates calling this function once per boot. Thefollowing exemplary pseudocode represents one non-limitingimplementation of SetSessionKey( ): SetSessionKey( cryptoblob) {PKDecrypt( privateKey, cryptoblob, sessionKey ); }

[0068] After successful completion of the operation, the sessionKeyregister contains a key, such as a 256 bit key, from the cryptoblob. Thepublic key algorithm may be, for example, 1024 bit RSA.

[0069] Once a symmetric session key K has been established between thetrusted software and the crypto processor, this key can be used tosecure all further communication to and from the crypto processor. Thetrusted software and the crypto processor can communicate by means ofsimple Get and Set methods, whose parameters are cryptographicallyprotected for confidentiality and integrity. In particular, theparameter block B of each call can be processed in the followingnon-limiting way:

[0070] AES(M|HMAC(M,K1),K2),

[0071] where:

[0072] K1 is the first half of K (bits 0 to 127)

[0073] K2 is the second half of K (bits 128 to 255)

[0074] AES(M,K) is the result of encrypting message M under key K withAES in CBC mode HMAC(M,K) is the result of computing an HMAC over anappropriate hash function on message M with key K

[0075] A|B is the result of concatenating A and B.

[0076] This format can be used for the input parameters and for theoutput parameters of the following functions:

[0077] Set([IN] BOOL needsAck, [IN] BITS 128 nonce, [IN] ENUMpropertyID, [IN] BYTESEQUENCE propertyParamters, [OUT] BYTESEQUENCE ack)

[0078] where:

[0079] needsAck is a boolean value, which allows the trusted software toindicate, whether an acknowledgement is required.

[0080] nonce is a 128 bit value chosen by the trusted software. Thenonce can be used in the acknowledgement, if an acknowledgement wasrequested.

[0081] propertyID identifies the property, which is being set. Anexemplary list of supported properties is given below in Table 1.

[0082] propertyParamters is a sequence of parameters, which is specificto each propertyID.

[0083] Lastly, Ack is the acknowledgement of the operation. The cryptoprocessor produces ack if and only if needsAck was set. Ack is composedof the nonce followed by a message, which is specific to eachpropertyID. TABLE 1 List of Property IDs for Get function Property IDNeeds Ack Parameters Acknowledgement Index key Yes Index, key, purposeOk, fail Output lock Yes { lock, unlock } State after the lock operationL2KEYMGMT Yes Renewal frequency Ok, fail

[0084] With respect to the Index key property ID, this method writes anew key and purpose tag into the key register identified by index.

[0085] With respect to the Output lock property ID, this method sets theoutput lock flag. When this flag is set, the screen geometry (width,height, color depth, refresh rate) as well as the graphics card output(VGA, DVI) cannot be changed. In particular, the graphics card will notexecute instructions to change these settings while the output lock flagis set.

[0086] With respect to the L2KeyMgrnt property ID, this method sets thekey renewal frequency under the second layer of protection described inaccordance with the invention, i.e., encrypting inputs and outputsdescribed in more detail below.

[0087] Similarly, the Get function is proposed as follows:

[0088] Get([IN] BITS 128 nonce, [IN] ENUM propertyID, [IN] BYTESEQUENCEpropertyParamters, [OUT] BYTESEQUENCE response)

[0089] where:

[0090] nonce is a 128 bit value chosen by the trusted software to beused in the response.

[0091] propertyID identifies the property, which is being set. The listof supported properties is given below in Table 2.

[0092] propertyParamters is a sequence of parameters, which is specificto each propertyID.

[0093] Response contains the result of the operation. Response iscomposed of the nonce followed by a message, which is specific to eachpropertyID. TABLE 2 List of Property IDs for Set function Para- PropertyID meters Response Output ports key index VGA, AGP, etc. AuthenticationCode key index X-bit number DX-SEC version None Version number SecureSurface Count None Number of supported secure surfaces Overlappingsurface count None Number of supported overlapping surfaces Primary typeNone 1 Geometry None Width, height, refresh rate, color depth of theprimary surface

[0094] With respect to Output ports, this method returns the setting ofthe graphics card outputs, e.g., VGA, DVI, etc.

[0095] With respect to Authentication code, this method returns the hashof the contents of a window as per the first layer of protectiondescribed in accordance with the invention, i.e., encryption ofoverlays.

[0096] With respect to DX-SEC version, this method returns the versionof DX-SEC supported by the graphics card.

[0097] With respect to Secure surface count, this method returns thenumber of secure surfaces supported by the graphics card.

[0098] With respect to Overlapping surface count, this method returnsthe number of overlapping secure surfaces supported by the graphicscard.

[0099] With respect to Primary type, this method returns 1, and providesfuture flexibility.

[0100] With respect to Geometry, this method returns the width, height,refresh rate and color depth of the primary surface.

[0101] The Set function may still further include a method that sets thelocation or size of a protected region overlay, or the location and sizeof a fraction of a main (primary) surface that should be decrypted.

[0102] Thus, the above SetSessionKey, Get and Set function relate tonon-limiting embodiments of an external interface. The term “internalinterface” refers to the interface between the crypto processor and therest of the graphics card. The details of this kind of interface inaccordance with the invention are up to the implementation of eachindividual graphics card, subject to the following restrictions: (1) thecrypto processor should be permanently secured to the graphics card and(2) the connection between the crypto processor and the rest of thegraphics card should not be exposed.

[0103] In this regard, removal of the crypto processor from the graphicscard should not be trivial. If the crypto processor is implemented as aseparate chip, this is mainly a restriction on the mechanical interface,which attaches the crypto processor to the graphics card. Typically, thecrypto processor should be soldered onto the graphics card.Alternatively, the crypto processor could reside on the same chip as themain GPU. Use of standardized mechanical interfaces, which allow thecrypto processor to be removed, e.g., smart card readers, socket mountsand the like, is not acceptable.

[0104] Moreover, the physical connection between the crypto processorand the rest of the graphics card must not be accessible and must not beexposed through standard interfaces. For example, a USB connector onthis bus is not acceptable in accordance with the invention.

[0105] With respect to rules for key management, each index key can onlybe used in accordance with its associated purpose parameter. In oneembodiment, the values of the purpose parameter have the followingmeanings:

[0106] L1STREAM: This key may only be used with the DX-SEC stream cipherdescribed below in connection with the first layer of security providedby the invention, i.e., the encryption of overlays.

[0107] L2BLOCK: This key may only be used with the block cipher in ECBmode of the second layer of security provided by the invention, i.e.,encrypting inputs and outputs, described below. The block cipher in theECB mode is used to decrypt texture blocks, which were written by thetrusted software.

[0108] In this regard, no copies of the keys should be kept, when theindex has been filled with a new value.

[0109] First Layer of Security—Encrypted Overlays

[0110] Since video memory can be mapped and read by untrusted softwarerunning on the CPU, video memory cannot contain information in plaintextform. Video memory subject to this requirement includes the video memoryused to refresh the display. An initial implementation of a system thatmeets this criterion in accordance with the invention encrypts thecontents of an overlay surface. The overlay would then be decrypted onthe fly by the DAC hardware, or just previous to reaching the DAChardware, as the image is sent to the display.

[0111]FIG. 3A illustrates an exemplary implementation of such atechnique. Encrypted premium content 200, from wherever found orgenerated incident to trusted software application 210, is received bytrusted application 210. An authentication exchange with cryptoprocessor 220 ensues, such as the authentication exchange procedure(s)described above in exemplary embodiments or by any other technique forsecure key delivery, either cryptographic or via a path protected byother means. The content 200 passes from system memory 230 to anencrypted overlay surface 240, which overlays primary surface 270 ofvideo memory 260. In conjunction with the crypto processor 220, adecrypt portion 250 of GPU 265 decrypts the encryption layer provided bythe encrypted overlay 240 and passes the content to pixel select 280 foroutput to digital video interface (DVI)/ digital to analog converter(DAC) 290 for output to a rendering device, such as a monitor. However,the system depicted in FIG. 3A does not meet all the criteria describedabove, since there is only one overlay. To meet the minimum bar offunctionality needed for a trusted environment, such as trusted windows,the invention enables two overlays in an alternate embodiment. The first“confidential” overlay is basically an overlay that exists in platformstoday, primarily to play back video, augmented such that its contentscan be encrypted. The second overlay is specifically designed to presentsensitive user interface such as e-commerce dialogs. This ‘protectedoverlay’ is always-on-top and non-obscurable, i.e., no color keying andhas precedence over the first overlay. The second overlay may besubjected to certain limitations to minimize cost. For instance, thesecond overlay may be provided such that the data is in the same pixelformat as the primary and is not able to be stretched or multi-buffered.In addition, the contents of the protected overlay can be verified bythe hardware. Table 3 summarizes exemplary differences between theconfidential overlay and the protected overlay. TABLE 3 ContrastConfidential and Protected Overlays Confidential Protected Item OverlayOverlay Same pixel format as primary Yes No Can be stretched No Yes Canbe destination colorkeyed Yes No Can be multi-buffered Yes No Is alwayson top No Yes Contents can be verified No Yes

[0112]FIG. 3B shows a system that includes both confidential overlays,e.g., overlays 310 a, 310 b and 310 c of confidential overlay flippingchain 310, and protected overlays 320. When possible, stream ciphers areused for secure surface encryption because they are faster and simplerto implement than block ciphers (see Appendix A for more detail). Streamciphers encrypt data based on the “position of the byte in the stream.”Thus, the first level of security of the invention initializes thestream cipher with the pixel encryption key at the upper left corner ofthe surface. The stream cipher is advanced for every pixel containedwithin the overlay surface regardless of whether the pixel will bedisplayed. The proposed system contains two stream cipher decryptioncomponents 300 a and 300 b, one for the confidential overlay and one forthe protected overlay, respectively. Once the decrypted pixel values areavailable, the hardware 280 selects the pixel value of the protectedoverlay 320, confidential overlay 310 (if the primary 270 is equal tothe color key and/or if color keying is enabled) or primary 270 andsends the pixel value to the display hardware via DVI/DAC 290.

[0113] It is noted that an adversary could gain access to the overlaysby any number of means, and thereby either make the displayed imageinvisible or replace secure content with noisy content, since datawritten by the adversary will also be decrypted. While the inventiondoes not directly defend against these attacks, the invention doesprovide for an integrity check to ensure that the expected content waspresented to the end user. Thus, if the output is something other thanthe input, the user or trusted software 210 can be alerted that therewas tampering with the content.

[0114] With respect to a software interface to the overlays, besides theusual overlay information, such as the source and destination boundingbox, destination color key, etc., the confidential overlay 310 maintainsthat the encryption key index be specified and the protected overlay 320additionally maintains that a memory location be specified where thecyclic redundancy code (CRC) of the decrypted overlay contents should bewritten.

[0115] The confidential overlay interface is similar to existingoverlays, except that the flip method specifies the encryption key indexof the contents of the overlay back buffer 310 a, i.e., the buffer towhich the data is being flipped.

[0116] The protected overlay interface is simpler and makes provisionfor a CRC of the surface to be forwarded to a memory location after ithas been displayed for the first time. A standardized hardware interfacecontrols the location of the overlay, and makes the CRC available tointerested software on a polling basis. For example, one register canindicate whether the CRC is available, and another can enable the CRC tobe read. For instance, the following exemplary pseudocode may beutilized in connection with the protected overlay interface:

[0117] HRESULT UpdateOverlay(LPPOINT ppntUL);

[0118] where:

[0119] ppntUL specifies the upper-left corner of the protected overlay.

[0120] In this regard, the software 210 calculates the CRC value that itexpects if it is concerned with integrity.

[0121] Second Layer of Security—Encrypted Inputs and Outputs

[0122] In accordance with the invention, to augment the GPU 265 tohandle encrypted content as input and emit encrypted content as output,encryption and decryption hardware is added to the texture mapping unit(on the input side) and the alpha blending unit (on the output side),and the hardware designers cooperate to follow some rules inimplementing this functionality. Since stream ciphers do not enablerandom access to encrypted data, the system uses block ciphers,encrypting the data, e.g., 128 bits at a time. The texture mapping unitdecrypts on a cache line fill and the alpha blending unit decrypts whenreading a cache line from the color buffer and encrypts before writing.The encryption keys used in these operations can be different.

[0123] Computational tasks other than 3D rendering, such as videodecoding, are straightforward extensions of the just-described paradigm.Instead of textures, video macroblocks serve as the encrypted input; andinstead of a color buffer, the output frame being decoded serves as theencrypted output. If content is to be protected as it is deliveredin-band in the command stream to the GPU 265, how the command buffer maybe encrypted as well is described below.

[0124]FIG. 4A depicts the just-described system performing a front endoperation, taking an encrypted surface 420 as input and emitting anencrypted surface as output, i.e., the front end of the encryptedtexture and color buffer techniques, via encrypt and decrypt component440. The invention further provides encrypted texture 400 a, whereastexture 400 b can be a typical texture of the video memory 260. Theencrypted texture 400 a outputs to decryption component 450 of the GPU265, which works together with the crypto processor 220 to decrypt thetexture and apply graphics algorithms, such as shading, etc., to thedecrypted data from component 440 with component 430 a.

[0125] Anticipating the deployment of a composited, page flippingdesktop, the system of FIG. 4A just described can protect the whole ofthe desktop, provided the DAC hardware can decrypt the primary 270 aswell as the overlay surfaces 310 and 320 described above. It is notedthat the DAC hardware decrypts using a block cipher rather than a streamcipher in such a case. Such a system enables an arbitrary number ofconfidential surfaces to participate in the desktop, with arbitrary Zordering, blending, or even 3D or other effects applied to them withoutcompromising security. Protected overlay surfaces 320, which must bealways-on-top and whose contents must be verifiable, reside in separatesurfaces. The confidential overlay 310 described above remains until itcan be emulated in software by the secure page flipping desktop, orplatform.

[0126] In one embodiment, in addition to being able to decrypt theprimary 270, the system requires the GPU 265 to be able to encryptplaintext from ordinary desktop applications as well, such as trustedword processors, so they too can participate in the desktop. FIG. 4Billustrates such a scenario wherein the primary flipping chain 510,including front 510 b and back 510 a, is encrypted. Thus, the primarysurfaces may be operated upon by desktop compositor 430, protected byencryption/decryption component 440 a for output therefromfrom/inputthereto, respectively. In communication with crypto processor 220, adecryption component 500 then decrypts the front surface 510 b foroutput to DVI/DAC 290. This exposes the system to certain types ofattack, which are detailed below with respect to ensuring security,where some strategies for defending against these attacks are discussed.

[0127]FIG. 4C depicts an alternative to FIG. 4B, wherein transcriptionto the confidential overlay flipping chain 310 is effected. Thus, as analternative to encrypting the primary 270, in accordance with theinvention, the hardware can enable stream cipher encryption forconsumption by the confidential overlay hardware 300 a, which candecrypt the stream cipher data together with crypto processor 220. Thispresentation mechanism may be less expensive than encrypting the primarywith a block cipher, but may not be as scalable or flexible, as a designtradeoff. Since the confidential overlay 310 uses a stream cipher forencryption, a reasonable operation to support in this context is a‘copy’ operation in which the input is decrypted by decryption component440 b using the block cipher of the input surface 510 a and re-encryptedby component 440 b using the overlay's stream cipher.

[0128] These embodiments, and various combinations thereof, are useful,for example, where one encrypted input at a time is sufficient, providedthat any number of plaintext inputs can be combined with the encryptedinput to generate encrypted output.

[0129] With respect to enduring security, there are a number of measuresthat may be implemented in accordance with the invention. First, theabove second layer of security described relies on the idea thatplaintext cannot be leaked out of the GPU 265 once it has beendecrypted. For example, no debugging registers or other facilities existthat enable plaintext to be read out of the chip by the centralprocessing unit (CPU) of the host. In addition to careful hardwaredesign to avoid such leaks, the GPU 265 instruction set is designed sothat it is impossible to enable decryption of the input without alsoenabling encryption of the output. Moreover, the hardware preventsleakage of plaintext data, whether by a rogue driver, by adversarialcode, or by accident.

[0130] In addition, the hardware may not leak the keys. Once the keysare delivered to the GPU 265 via the cryptographic protocol describedaccording to the authentication exchange, they are only available to theencryption and decryption components.

[0131] As discussed above, if the GPU 265 is able to encrypt plaintextfor display in the primary 270, this facility is considered avulnerability in the system since this encryption facility is the onlymechanism described in which an adversary could have plaintext andcorresponding ciphertext available at the same time. By mapping theprimary surface so it is viewable by the CPU and creating a window thatmust be encrypted, the adversary can construct a subset of theciphertext blocks that correspond to known plaintext blocks. Theseso-called “dictionary attacks” work best when the number of blocks thatare “interesting” is small. For example, for display of black-and-whitedialog boxes in a 32 bpp display mode, since there are 4 pixels perblock, only 16 blocks are needed to display such a dialog. One possibleavenue for an adversary who has discovered the 16 ciphertext blockswould be to falsify a dialog to the end user by creating content that ismeaningful even after decryption by the GPU 265. For this reason, theprotected overlay is best suited for tamper-resistant dialogs because itenables applications to detect when the end user has not seen what wasexpected.

[0132] There are thus two good strategies to frustrate adversaries whowish to create dictionaries. First, since dictionaries are only good fora given key, changing the key and re-encrypting the content forces theadversary to start over with a new dictionary. Furthermore, forencryption of the primary, the key need not be made available tosoftware—it can be rolled in hardware and the software only needs to benotified that the key has changed. Since the previous key is stillavailable, the software can use the previous key to decrypt andre-encrypt the portions of the primary that have not changed. Hence, thecrypto processor 220 periodically rolls the encryption key for theprimary 270 and in such a way that the previous key is still available,e.g., a double buffering of the encryption key indices, and in a waythat notifies the software that the key has been rolled.

[0133] Another strategy involves encoding the location within the imagebefore encryption. For example, the (x,y) pixel location in the image(or some derivative value, such as the image offset) can be exclusiveor-ed (XOR'd) into the pixel data before encrypting it; the operationcan then be undone after decryption. As a result, the blocks for pixelsin different areas of the surface are encrypted differently, and theplaintext-ciphertext mapping is only meaningful for a given position inthe surface, which is unavailable to an assailant.

[0134] The present invention also provides predefined swizzled formats.Since textures and offscreen surfaces require random access, they mustbe encoded with block ciphers. There is good synergy between the typicalblock size for a block cipher and the typical cache line size for amodem 3D accelerator, e.g., if the cache line and block size are both128 bits, then efficient encryption and decryption can be implemented inthe hardware. Even if there are slight differences (e.g., block size of128 bits and cache line size of 256 bits) the hardware implementation islikely to be efficient.

[0135] One problem with encrypted texture data is that a blockencryption scheme requires that an adjacent block of bytes be availablebefore it can be encrypted or decrypted; and a cache line fill requiresthat the pixel data be ‘swizzled,’ i.e., that the translation from an(X,Y) position in the image to an address be formed such that the cacheline fill yields a 2D region of pixels. To date, hardware vendors haveexposed ostensibly linear surface formats while swizzling image datawithout the knowledge of the application. Since trusted software will beemitting the encrypted texture data, however, the software must have apriori knowledge of the swizzling scheme so it can encrypt adjacentblocks of data and preserve 2D locality. In response, the inventiondefines a dictionary of swizzled image formats, including YUV 4:4:4,4:2:2, and 4:2:0 as well as RGB formats, for use by the application. Theperformance of these formats may not be quite as high as if the imageswere swizzled to a hardware-specific format, but the encryption is wortha slight performance degradation, i.e., security in exchange for speed.

[0136] With respect to AYUV/ARGB (32 bpp, packed), this 32 bpp surfaceformat contains an alpha channel in addition to 8-bit color channels forthe luminance (Y) and chrominance (U and V) samples. Alternatively, itcan contain a standard ARGB 32 bpp, since both formats are 32 bpp andpacked. The following discussion assumes AYUV. The linear layout is asin FIG. 5A.

[0137] The offset of pixel (X,Y) in the image is as follows:

Offset=Y*Pitch+X*4

[0138] Assuming a 128-bit encryption block size and cache line size, 4pixels can fit in a single block. Interleaving the least significantbits of X and Y before generating the address will result in improved 2Dlocality in a cache line fill. These blocks are laid out linearly,according to the format.

[0139] The resulting image layout is illustrated by FIG. 5B. Eachnumbered rectangle is a pixel and the bold rectangles are encryptedblocks. Exemplary pseudocode for the swizzling function of the inventionfor this format that converts an (x,y) location in the image to anoffset is as follows: DWORD SwizzleAYUV( DWORD x, DWORD y, DWORD Pitch ){ // pitch is number of bytes per scanline of macro blocks DWORDBlockOffset = (y>>1)*Pitch+(x>>1)*(128/8); DWORD IntraBlockOffset =((y&2)<<2)|((x&2)<<1)|((y&1)<<1)|(x&1); returnBlockOffset+IntraBlockOffset*4; }

[0140] With respect to YUY2 (16 bpp, packed), this surface formathorizontally subsamples the ‘chrominance’ samples U and V by a factor of2. The result is a packed image format that averages to 16 bits perpixel. The linear layout is shown in FIG. 6A. The swizzling format ofthe invention allocates encrypted blocks of 4×2 pixels, as shown in FIG.6B. As with FIGS. 5A and 5B, the 128-bit blocks are swizzled as well. Itis noted that with FIG. 6B and with the following exemplary swizzlingpseudocode which translates (x,y) coordinate pairs into image offsets, Uand V are assumed to have even X coordinates: DWORD SwizzleYUY2Y( DWORDx, DWORD y, const SURFACEDESC& sd ) { assert( x < sd.Width ); assert( y< sd.Height ); DWORD BlockOffset = (y>>1 )*sd.Pitch+(x>>2)*(128/8);DWORD IntraBlockOffset = ((x&2)<<1)| ((y&1)<<1)| ((x&1)<<0); DWORD dwRet= BlockOffset+(IntraBlockOffset<<1); return dwRet; } DWORD SwizzleYUY2U(DWORD x, DWORD y, const SURFACEDESC& sd ) { assert( x < sd.Width );assert( 0 == (x & 1) ); assert( y < sd.Height ); DWORD BlockOffset =(y>>1)*sd.Pitch+(x>>2)*(128/8); DWORD IntraBlockOffset = ((x&2)<<1)|((y&l)<<1)| ((x&1)<<0); return BlockOffset+(IntraBlockOffset<<1)+1; }DWORD SwizzleYUY2V( DWORD x, DWORD y, const SURFACEDESC& sd ) { assert(x < sd.Width ); assert( 0 == (x & 1) ); assert( y < sd.Height ); DWORDBlockOffset = (y>>2)*sd.Pitch+(x>>3)*(512/8); DWORD IntraBlockOffset =((x&2)<<1)| ((y&1)<<1)| ((x&1)<<0); returnBlockOffset+(IntraBlockOffset<<1)+3; }

[0141] In this regard, for the pseudocode accompanying the swizzling ofFIGS. 5A, 5B, 6A and 6B, the surface pitch is defined as the number ofbytes per scanline of 128-bit blocks.

[0142] With respect to packed planar (12 bpp), this surface formatsubsamples U and V by a factor of 2 horizontally and vertically. Theluminance and chrominance samples are laid out in two separate portionsof the surface. The linear layout of packed planar (12 bpp) shown inFIG. 7A The surface pitch is defined as the number of bytes per scanlineof 512-bit blocks in the Y plane. The pitch of the UV plane is half thepitch of the Y plane because there are ¼ as many samples, but twice asmany color elements per sample. The resulting swizzled image format inaccordance with the invention is shown in FIG. 7B.

[0143] Exemplary pseudocode for the swizzling function of the inventionfor this format that translates (x,y) coordinates to offsets for Y, Uand V elements is as follows: DWORD SwizzlePP12Y( DWORD x, DWORD y,const SURFACEDESC& sd ) { assert( x < sd.Width ); assert( y < sd.Height); DWORD BlockOffset = (y>>2)*sd.Pitch+(x>>2)*(128/8); DWORDIntraBlockOffset = ((y&2)<<2)| ((x&2)<<1)| ((y&1)<<1)| (x&1); returnBlockOffset+IntraBlockOffset; } DWORD SwizzlePP12U( DWORD x, DWORD y,const SURFACEDESC& sd ) { DWORD PlaneOffset = (sd.Height>>3)*sd.Pitch;if ( (0!=(x&1)) ∥ (0!=(y&1)) ) _asm int 3 x >>= 1; y >>= 1; DWORDBlockOffset = (y>>1)*sd.Pitch/2+(x>>2)*(128/8); DWORD IntraBlockOffset =((x&2)<<1)| ((y&1)<<1)| (x&1); returnPlaneOffset+BlockOffset+(IntraBlockOffset<<1); } DWORD SwizzlePP12V(DWORD x, DWORD y, const SURFACEDESC& sd ) { DWORD PlaneOffset =(sd.Height>>3)*sd.Pitch; if ( (0!=(x&1)) ∥ (0!=(y&1)) ) _asm mt 3 x >>=1; y >>= 1; DWORD BlockOffset = (y>>1)*sd.Pitch/2+(x>>2)*(128/8); DWORDIntraBlockOffset = ((x&2)<<1)| ((y&1)<<1)| (x&1); returnPlaneOffset+BlockOffset+(IntraBlockOffset<<1)+1; }

[0144] Third Layer of Security—Encrypted Command Buffers

[0145] The facilities of the embodiments described above with respect tothe first and second layers of security can be augmented in accordancewith the invention to encrypt the command buffers submitted to the GPU265 in addition to the image data upon which the GPU 265 is operating.This functionality is desirable if the application 210 wishes to protectcontent that is sent to the hardware in-band in the command buffer. FIG.9A shows video decoding using an encrypted command buffer 900, wherebythe content is delivered to the encrypted texture 400 a and is decryptedby decryption component 450 and decoded by the video decoder 430 b.Although it is possible for the command buffer only to be encrypted, thecontent is encrypted in video memory as well as in the command buffer,as shown by encrypted decoded frame 420 a. Encrypting the command bufferis thus appropriate in situations like this, where macroblocks are invideo memory and with motion vectors and other commands sent in thecommand stream.

[0146] The atomicity constraint for encrypted texture data also appliesto encrypted command buffer data, with the caveat that color bufferencryption may not be sufficient to protect the content in question.Intermediate buffers, e.g., the Z buffer, may also be encrypted toprotect the system against plaintext attacks. FIG. 9B shows exemplary 3Drendering using an encrypted command buffer in accordance with theinvention. As illustrated, the 3d rendering commands 810 are encrypteden route to video decoder 430 c. The texture data 400 a is decrypted bydecryption component 450 and processed according to the commands 810 byvideo decoder 430 c. Incident thereto, data in the color buffer 820 isencrypted via encrypt/decrypt component 830.

[0147] Tamper detection can be done before consumption of the commandbuffer, using two passes, or after the command buffer has been consumed.In one embodiment, tamper detection is enabled after display orrendering of the content.

[0148] Further Alternate Embodiments—Encryption of Output From GraphicsCard

[0149] In each of the above embodiments, while confidentiality andintegrity has been demonstrated and described with respect to the dashedline portion of FIG. 2, confidentiality and integrity have not beendemonstrated with respect to the video output, i.e., theoretically, theinterface between the graphics card and the rendering device, such as amonitor, and/or the rendering device itself is subject to an attack.

[0150] Thus, in the above-described embodiments, as shown in FIG. 9A, atsome point during the process, even though the content is protected inthe video memory and during graphics card processing, the data is sentonto DVI/DAC 290 in the clear. As a result, the data may be pirated, oraltered en route to the rendering device, and while inside the renderingdevice.

[0151] Thus, in accordance with an alternate embodiment of theinvention, which may optionally be combined with other embodimentsdescribed herein, a sister crypto processor 220 b is provided in therendering device to complement the functionality performed by the cryptoprocessor 220 a. In this regard, encryption component 910 acommunicatively coupled to crypto processor 220 a encrypts the dataprior to delivery to DVI/DAC component 290 and decryption component 910b communicatively coupled to crypto processor 220 b decrypts the data aspart of the display or rendering that takes place, preventing piracy ofthe data. Encryption component 910 a may alternately be included withDVI/DAC component 290. In short, applying the same encryption anddecryption, and key management techniques, the content can be protectedthroughout the entire graphics pipeline for cryptographically protectedsecure delivery and processing of content.

[0152] As mentioned above, while exemplary embodiments of the presentinvention have been described in connection with various computingdevices, hardware, software and network architectures, the underlyingconcepts may be applied to any computing device or system in which it isdesirable to protect content from a trusted source. Thus, the techniquesfor cryptographically protecting secure content in accordance with thepresent invention may be applied to a variety of applications anddevices. For instance, the methods for cryptographically protectingsecure content of the invention may be applied to the operating systemof a computing device, provided as a separate object on the device, aspart of another object, as a downloadable object from a server, as adistributed object, etc. While exemplary programming languages,pseudocode, names and examples are chosen herein as representative ofvarious choices, the languages, pseudocode, names and examples are notintended to be limiting.

[0153] The various techniques described herein may be implemented inconnection with hardware or software or, where appropriate, with acombination of both. Thus, the methods and apparatus of the presentinvention, or certain aspects or portions thereof, may take the form ofprogram code (i.e., instructions) embodied in tangible media, such asfloppy diskettes, CD-ROMs, hard drives, or any other machine-readablestorage medium, wherein, when the program code is loaded into andexecuted by a machine, such as a computer, the machine becomes anapparatus for practicing the invention. In the case of program codeexecution on programmable computers, the computing device will generallyinclude a processor, a storage medium readable by the processor(including volatile and non-volatile memory and/or storage elements), atleast one input device, and at least one output device. One or moreprograms that may utilize the techniques of the present invention, e.g.,through the use of a data processing API, operating system, trustedapplication or the like, are preferably implemented in a high levelprocedural or object oriented programming language to communicate with acomputer system. However, the program(s) can be implemented in assemblyor machine language, if desired. In any case, the language may be acompiled or interpreted language, and in various embodiments of theinvention, imposes conditions upon hardware implementations of the GPU265.

[0154] The methods and apparatus of the present invention may also bepracticed via communications embodied in the form of program code thatis transmitted over some transmission medium, such as over electricalwiring or cabling, through fiber optics, or via any other form oftransmission, wherein, when the program code is received and loaded intoand executed by a machine, such as an EPROM, a gate array, aprogrammable logic device (PLD), a client computer, a video recorder orthe like, or a receiving machine having a graphics card and encryptioncapabilities as described in exemplary embodiments above becomes anapparatus for practicing the invention. When implemented on ageneral-purpose processor, the program code combines with the processorto provide a unique apparatus that operates to invoke the functionalityof the present invention. Additionally, any storage techniques used inconnection with the present invention may invariably be a combination ofhardware and software.

[0155] While the present invention has been described in connection withthe preferred embodiments of the various figures, it is to be understoodthat other similar embodiments may be used or modifications andadditions may be made to the described embodiment for performing thesame function of the present invention without deviating therefrom. Forexample, while exemplary network environments of the invention aredescribed in the context of a networked environment, such as a peer topeer networked environment, one skilled in the art will recognize thatthe present invention is not limited thereto, and that the methods, asdescribed in the present application may apply to any computing deviceor environment, such as a gaming console, handheld computer, portablecomputer, etc., whether wired or wireless, and may be applied to anynumber of such computing devices connected via a communications network,and interacting across the network. Furthermore, it should be emphasizedthat a variety of computer platforms, including handheld deviceoperating systems and other application specific operating systems arecontemplated, especially as the number of wireless networked devicescontinues to proliferate. Still further, the present invention may beimplemented in or across a plurality of co-processing chips or devices,such as a device having a plurality of GPUs, and storage may similarlybe effected across a plurality of devices. Therefore, the presentinvention should not be limited to any single embodiment, but rathershould be construed in breadth and scope in accordance with the appendedclaims.

[0156] Appendix A. Stream Ciphers Versus Block Ciphers

[0157] This Appendix details the differences between stream ciphers andblock ciphers as they relate to the contents of this document. IssueStream cipher Block cipher Granularity Byte 16-byte (128 bit) Randomaccess Difficult/impossible Straightforward Key changes Frequent (perframe) Infrequent Complexity 1× 4× stream cipher IP Status ProprietaryPublic domain

[0158] As a rule, stream ciphers are faster and simpler to implementthan block ciphers.

[0159] As the name implies, stream ciphers encrypt and decrypt a streamof bytes. To decrypt the N^(th) byte in the stream, the cipher starts atthe beginning and advances one byte at a time to the desired offset intothe stream.

[0160] In contrast, block ciphers that are running in electronic codebook mode can encrypt or decrypt arbitrary blocks in the data, but mustencrypt/decrypt a complete block at a time. A typical block size is 16bytes.

[0161] Stream ciphers are used in such a way that the same data is neverencrypted twice, i.e., the key used for encryption and decryption mustbe changed frequently. When used for premium video playback, forexample, changing keys once per frame is sufficient.

[0162] As a final note, there are good quality block ciphers availablein the public domain.

What is claimed is:
 1. A method for cryptographically protecting securecontent in connection with a trusted graphics system of a computingdevice, the trusted graphics system having video memory, at least onegraphics processing unit (GPU) and a cryptographic processing devicecommunicatively coupled to said at least one GPU, comprising:requesting, by one of an application and device, the graphics system toperform one of processing and rendering of secure content, wherein saidrequesting includes transmitting by said one of an application anddevice a session key to the graphics system and transmitting said securecontent to at least one encrypted portion of the video memory;decrypting the content of said at least one encrypted portion of videomemory by said at least one GPU in communication with said cryptographicprocessing device; performing said one of processing and rendering onsaid decrypted content by said at least one GPU; and outputting saidcontent from the at least one GPU.
 2. A method according to claim 1,wherein if the output of said outputting is different than the securecontent of said requesting adjusted for any processing performed on saidsecure content by said at least one GPU, said one of an application anddevice is alerted to the difference.
 3. A method according to claim 1,wherein said transmitting includes transmitting said secure content toat least one encrypted overlay surface, which overlays at least oneprimary surface of said video memory.
 4. A method according to claim 1,wherein said decrypting the content of said at least one encryptedportion of video memory includes decrypting a geometrical fraction of aprimary surface, whereby pixels other than the geometrical fraction arenot decrypted.
 5. A method according to claim 1, wherein thecryptographic processor is permanently attached to the graphics card, byone of (A) adding the cryptographic processor to an existing chip and(B) adding the cryptographic processor as a separate chip to thegraphics card, whereby the physical connection between the cryptographicprocessor and the rest of the graphics card is not accessible and is notexposed.
 6. A method according to claim 3, wherein said decryptingincludes decrypting said at least one encrypted overlay surface by adecryption mechanism of said GPU communicatively coupled to saidcryptographic processing device
 7. A method according to claim 3,wherein said decrypting includes one of (A) decrypting said at least oneencrypted overlay surface on the fly by digital to analog conversion(DAC) hardware of the graphics system as the content is output accordingto said outputting and (B) decrypting said at least one encryptedoverlay surface on the fly just previous to the content reaching the DAChardware of the graphics system.
 8. A method according to claim 3,wherein said decrypting includes decrypting said at least one encryptedoverlay surface previous to the content reaching the DAC hardware of thegraphics system by a component having no back channel to the hostsystem.
 9. A method according to claim 1, further including:re-encrypting said content by said at least one GPU in communicationwith said cryptographic processing device prior to said outputting; anddecrypting said re-encrypted content by at least a second cryptographicprocessing device of an external computing device.
 10. A methodaccording to claim 1, wherein the content is transmitted in digital formto an external device having a second cryptographic processing deviceand said decrypting occurs on said external device.
 11. A methodaccording to claim 9, wherein said external computing device is one of(A) a monitor, (B) a set top box and (C) a digital signal processing(DSP) rendering device.
 12. A method according to claim 3, wherein saidtransmitting includes transmitting said secure content to one of (A) afirst encrypted confidential overlay for basic rendering of securecontent and (B) a second encrypted protected overlay specificallydesigned to present sensitive user interfaces, (C) a first encryptedregion of a primary surface for basic rendering of secure content and(D) a second encrypted region of a primary surface specifically designedto present sensitive user interfaces.
 13. A method according to claim 1,wherein said decrypting includes calculating a cryptographic digest ofthe decrypted data, and said method further includes: transmitting saidcryptographic digest to the one of an application and device to ensurethat the displayed pixels are the pixels sent in connection with saidrequesting by the one of an application and device.
 14. A methodaccording to claim 12, wherein the second encrypted protected overlay isalways-on-top and non-obscurable and wherein the contents of the secondencrypted protected overlay are verified by said at least one GPU.
 15. Amethod according to claim 12, wherein said decrypting includes one of(A) decrypting with a first stream cipher decryption component thecontents of the first encrypted confidential overlay, (B) decryptingwith a second stream cipher decryption component the contents of thesecond encrypted protected overlay, (C) decrypting with a first streamcipher decryption component the contents of the first encrypted regionof primary surface and (D) decrypting with a second stream cipherdecryption component the contents of the second encrypted region ofprimary surface.
 16. A method according to claim 15, wherein at leastone bit of each pixel in a primary surface is used to determinemembership in a virtual protected surface for the pixel, wherein thegraphics card selects an appropriate decryption key for the pixel basedon said at least one bit.
 17. A method according to claim 16, wherein ifsaid at least one bit contains a zero value, then the virtual protectedsurface associated with said at least one bit is interpreted as a regionnot to decrypt.
 18. A method according to claim 15, further includingonce the decrypted pixel values are available, selecting by a pixelselect component of said at least one GPU the pixel value of one of (A)the second encrypted protected overlay, (B) the first encryptedconfidential overlay and (3) a primary surface.
 19. A method accordingto claim 12, wherein said requesting includes at least one of (A) asource and destination bounding box of said at least one encryptedoverlay surface, (B) a destination color key of said at least oneencrypted overlay surface, (C) in the case of the first encryptedconfidential overlay, a specification of an encryption key index of thecontents of an overlay back buffer to which the data is to be flipped(D) in the case of the second encrypted protected overlay, aspecification of a memory location where at least one of a cyclicredundancy code (CRC), an integrity measure and a digest value of thedecrypted overlay contents are to be written, (E) a source anddestination bounding box of at least one encrypted primary surface, and(F) a destination color key of said at least one encrypted primarysurface.
 20. A method according to claim 19, wherein said one of anapplication and device calculates said at least one of the CRC,integrity measure and digest value if said one of an application anddevice is concerned with integrity of the content.
 21. A methodaccording to claim 1, wherein at least one command buffer sent to avideo decode unit of the at least one GPU incident to said requesting isencrypted by said at least one of an application and device anddecrypted by said video decode unit in communication with saidcryptographic processing unit.
 22. A method according to claim 21,further comprising tamper detecting said at least one command buffer oneof (A) by using two passes before consumption of the at least onecommand buffer and (B) after the command buffer has been consumed. 23.At least one of an operating system, a computer readable medium havingstored thereon a plurality of computer-executable instructions, aco-processing device, a computing device and a modulated data signalcarrying computer executable instructions for performing the method ofclaim
 1. 24. A method for cryptographically protecting secure content inconnection with a trusted graphics system of a computing device, thetrusted graphics system having video memory, at least one graphicsprocessing unit (GPU) and a cryptographic processing devicecommunicatively coupled to said at least one GPU, comprising:requesting, by one of an application and device, the graphics system toperform one of processing and rendering of secure content, wherein saidrequesting includes transmitting by said one of an application anddevice a session key to the graphics system for verification by thecryptographic processing device and transmitting said secure content toat least one encrypted portion of the video memory; decrypting thecontent of said at least one encrypted portion of video memory by adecryption mechanism of an input unit of said at least one GPU, whereinsaid decryption mechanism is in communication with said cryptographicprocessing device; performing said one of processing and rendering onsaid decrypted content by said at least one GPU; encrypting said contentwith an encryption/decryption mechanism of an output unit of the atleast one GPU; and outputting said encrypted content from the at leastone GPU.
 25. A method according to claim 24, wherein said input unit isa texture mapping unit and said output unit is an alpha blending unit,and wherein said at least one encrypted portion of said video memory isan encrypted texture surface.
 26. A method according to claim 24,wherein said secure content is one of texture data, plaintext and videomacroblocks.
 27. A method according to claim 24, wherein said encryptingand decrypting includes encrypting and decrypting using block ciphers,respectively.
 28. A method according to claim 25, wherein saiddecryption mechanism of the texture mapping unit decrypts on a cacheline fill and wherein the encryption/decryption mechanism of the alphablending unit encrypts before writing.
 29. A method according to claim25, further including decrypting by the encryption/decryption mechanismof the alpha blending unit when reading a cache line from a color bufferin video memory.
 30. A method according to claim 24, further including:flipping said encrypted output content from an encrypted back primarysurface to an encrypted front primary surface of said video memory,second decrypting said encrypted output content by a second decryptionmechanism of said at least one GPU in communication with saidcryptographic processing device; and second outputting said outputcontent.
 31. A method according to claim 24, wherein said outputtingincludes outputting the encrypted content to a confidential overlayflipping chain and the method further includes: flipping said encryptedoutput content from an encrypted back confidential surface to anencrypted front confidential surface, whereby said encrypting by saidencryption/decryption mechanism includes encrypting utilizing streamcipher encryption; and second decrypting said encrypted output contentby a stream cipher decryption mechanism of said at least one GPU incommunication with said cryptographic processing device.
 32. A methodaccording to claim 31, further comprising: prior to said encrypting,encoding a location within the content; and after said seconddecrypting, decoding the location within the content, whereby saidlocation is externally unavailable preserving the integrity of aplaintext-ciphertext mapping.
 33. A method according to claim 24,wherein if the output of said outputting is different than the securecontent of said requesting adjusted for any processing performed on saidsecure content by said at least one GPU, said one of an application anddevice is alerted to the difference.
 34. A method according to claim 24,further including: re-encrypting said content by said at least one GPUin communication with said cryptographic processing device prior to saidoutputting; and decrypting said re-encrypted content by at least asecond cryptographic processing device of an external computing device.35. A method according to claim 34, wherein said external computingdevice is one of (A) a monitor, (B) a set top box and (C) a digitalsignal processing (DSP) rendering device.
 36. A method according toclaim 24, wherein encrypted textures and encrypted offscreen surfacesdelivered by said one of an application and device are encoded withblock ciphers, and said one of an application and device swizzles theblock ciphers with a predefined swizzling format that converts an (x,y)location in the content to an offset for at least one of YUV, RGB, YUY2and packed planar formats.
 37. A method according to claim 24, whereinat least one command buffer sent to a video decode unit of the at leastone GPU incident to said requesting is encrypted by said at least one ofan application and device and decrypted by said video decode unit incommunication with said cryptographic processing unit.
 38. A methodaccording to claim 24, further comprising tamper detecting said at leastone command buffer one of (A) by using two passes before consumption ofthe at least one command buffer and (B) after the command buffer hasbeen consumed.
 39. At least one of an operating system, a computerreadable medium having stored thereon a plurality of computer-executableinstructions, a co-processing device, a computing device and a modulateddata signal carrying computer executable instructions for performing themethod of claim
 24. 40. At least one computer readable medium comprisingcomputer executable modules including computer executable instructionsfor cryptographically protecting secure content in connection with atrusted graphics system of a computing device, the trusted graphicssystem having video memory, at least one graphics processing unit (GPU)and a cryptographic processing device communicatively coupled to said atleast one GPU, the computer executable modules comprising: means forrequesting by one of an application and device the graphics system toperform one of processing and rendering of secure content, wherein saidmeans for requesting includes means for transmitting by said one of anapplication and device a session key to the graphics system and meansfor transmitting said secure content to at least one encrypted portionof the video memory; means for decrypting the content of said at leastone encrypted portion of video memory by said at least one GPU incommunication with said cryptographic processing device; means forperforming said one of processing and rendering on said decryptedcontent by said at least one GPU; and means for outputting said contentfrom the at least one GPU.
 41. At least one computer readable mediumaccording to claim 40, wherein if the output of said means foroutputting is different than the secure content of said means forrequesting adjusted for any processing performed on said secure contentby said at least one GPU, said one of an application and device isalerted to the difference.
 42. At least one computer readable mediumaccording to claim 40, wherein said means for transmitting includesmeans for transmitting said secure content to at least one encryptedoverlay surface, which overlays at least one primary surface of saidvideo memory.
 43. At least one computer readable medium according toclaim 40, wherein said means for decrypting the content of said at leastone encrypted portion of video memory includes means for decrypting ageometrical fraction of a primary surface, whereby pixels other than thegeometrical fraction are not decrypted.
 44. At least one computerreadable medium according to claim 40, wherein the cryptographicprocessor is permanently attached to the graphics card, by one of (A)adding the cryptographic processor to an existing chip and (B) addingthe cryptographic processor as a separate chip to the graphics card,whereby the physical connection between the cryptographic processor andthe rest of the graphics card is not accessible and is not exposed. 45.At least one computer readable medium according to claim 42, whereinsaid means for decrypting includes means for decrypting said at leastone encrypted overlay surface by a decryption mechanism of said GPUcommunicatively coupled to said cryptographic processing device.
 46. Atleast one computer readable medium according to claim 42, wherein saidmeans for decrypting includes one of (A) means for decrypting said atleast one encrypted overlay surface on the fly by digital to analogconversion (DAC) hardware of the graphics system as the content isoutput according to said outputting of said means for outputting and (B)means for decrypting said at least one encrypted overlay surface on thefly just previous to the content reaching the DAC hardware of thegraphics system.
 47. At least one computer readable medium according toclaim 42, wherein said means for decrypting includes means fordecrypting said at least one encrypted overlay surface previous to thecontent reaching the DAC hardware of the graphics system by a componenthaving no back channel to the host system.
 48. At least one computerreadable medium according to claim 40, further including: means forre-encrypting said content by said at least one GPU in communicationwith said cryptographic processing device prior to said outputting bysaid means for outputting; and means for decrypting said re-encryptedcontent by at least a second cryptographic processing device of anexternal computing device.
 49. At least one computer readable mediumaccording to claim 40, wherein the content is transmitted in digitalform to an external device having a second cryptographic processingdevice and said decrypting of said means for decrypting occurs on saidexternal device.
 50. At least one computer readable medium according toclaim 48, wherein said external computing device is one of (A) amonitor, (B) a set top box and (C) a digital signal processing (DSP)rendering device.
 51. At least one computer readable medium according toclaim 42, wherein said means for transmitting includes means fortransmitting said secure content to one of (A) a first encryptedconfidential overlay for basic rendering of secure content and (B) asecond encrypted protected overlay specifically designed to presentsensitive user interfaces, (C) a first encrypted region of a primarysurface for basic rendering of secure content and (D) a second encryptedregion of a primary surface specifically designed to present sensitiveuser interfaces.
 52. At least one computer readable medium according toclaim 40, wherein said means for decrypting includes means forcalculating a cryptographic digest of the decrypted data, and saidcomputer executable modules further include: means for transmitting saidcryptographic digest to the one of an application and device to ensurethat the displayed pixels are the pixels sent in connection with saidrequesting by the one of an application and device via said means forrequesting.
 53. At least one computer readable medium according to claim51, wherein the second encrypted protected overlay is always-on-top andnon-obscurable and wherein the contents of the second encryptedprotected overlay are verified by said at least one GPU.
 54. At leastone computer readable medium according to claim 51, wherein said meansfor decrypting includes one of (A) means for decrypting with a firststream cipher decryption component the contents of the first encryptedconfidential overlay, (B) means for decrypting with a second streamcipher decryption component the contents of the second encryptedprotected overlay, (C) means for decrypting with a first stream cipherdecryption component the contents of the first encrypted region ofprimary surface and (D) means for decrypting with a second stream cipherdecryption component the contents of the second encrypted region ofprimary surface.
 55. At least one computer readable medium according toclaim 54, wherein at least one bit of each pixel in a primary surface isused to determine membership in a virtual protected surface for thepixel, wherein the graphics card selects an appropriate decryption keyfor the pixel based on said at least one bit.
 56. At least one computerreadable medium according to claim 55, wherein if said at least one bitcontains a zero value, then the virtual protected surface associatedwith said at least one bit is interpreted as a region not to decrypt.57. At least one computer readable medium according to claim 54, thecomputer executable modules further including, means for selecting, oncethe decrypted pixel values are available, by a pixel select component ofsaid at least one GPU the pixel value of one of (A) the second encryptedprotected overlay, (B) the first encrypted confidential overlay and (3)a primary surface.
 58. At least one computer readable medium accordingto claim 51, wherein said requesting of said means for requestingincludes at least one of (A) a source and destination bounding box ofsaid at least one encrypted overlay surface, (B) a destination color keyof said at least one encrypted overlay surface, (C) in the case of thefirst encrypted confidential overlay, a specification of an encryptionkey index of the contents of an overlay back buffer to which the data isto be flipped (D) in the case of the second encrypted protected overlay,a specification of a memory location where at least one of a cyclicredundancy code (CRC), an integrity measure and a digest value of thedecrypted overlay contents are to be written, (E) a source anddestination bounding box of at least one encrypted primary surface, and(F) a destination color key of said at least one encrypted primarysurface.
 59. At least one computer readable medium according to claim58, wherein said one of an application and device calculates said atleast one of the CRC, integrity measure and digest value if said one ofan application and device is concerned with integrity of the content.60. At least one computer readable medium according to claim 40, whereinat least one command buffer sent to a video decode unit of the at leastone GPU incident to said requesting of said means for requesting isencrypted by said at least one of an application and device anddecrypted by said video decode unit in communication with saidcryptographic processing unit.
 61. At least one computer readable mediumaccording to claim 60, the computer executable modules furthercomprising means for tamper detecting said at least one command bufferone of (A) by using two passes before consumption of the at least onecommand buffer and (B) after the command buffer has been consumed. 62.At least one of an operating system, a co-processing device, a computingdevice and a modulated data signal carrying the computer executableinstructions of the computer executable modules of the at least onecomputer readable medium of claim
 40. 63. At least one computer readablemedium comprising computer executable modules including computerexecutable instructions for cryptographically protecting secure contentin connection with a trusted graphics system of a computing device, thetrusted graphics system having video memory, at least one graphicsprocessing unit (GPU) and a cryptographic processing devicecommunicatively coupled to said at least one GPU, the computerexecutable modules comprising: means for requesting, by one of anapplication and device, the graphics system to perform one of processingand rendering of secure content, wherein said means for requestingincludes means for transmitting by said one of an application and devicea session key to the graphics system for verification by thecryptographic processing device and transmitting said secure content toat least one encrypted portion of the video memory; means for decryptingthe content of said at least one encrypted portion of video memory by adecryption mechanism of an input unit of said at least one GPU, whereinsaid decryption mechanism is in communication with said cryptographicprocessing device; means for performing said one of processing andrendering on said decrypted content by said at least one GPU; means forencrypting said content with an encryption/decryption mechanism of anoutput unit of the at least one GPU; and means for outputting saidencrypted content from the at least one GPU.
 64. At least one computerreadable medium according to claim 63, wherein said input unit is atexture mapping unit and said output unit is an alpha blending unit, andwherein said at least one encrypted portion of said video memory is anencrypted texture surface.
 65. At least one computer readable mediumaccording to claim 63, wherein said secure content is one of texturedata, plaintext and video macroblocks.
 66. At least one computerreadable medium according to claim 63, wherein said means for encryptingand means for decrypting includes means for encrypting and means fordecrypting using block ciphers, respectively.
 67. At least one computerreadable medium according to claim 64, wherein said decryption mechanismof the texture mapping unit decrypts on a cache line fill and whereinthe encryption/decryption mechanism of the alpha blending unit encryptsbefore writing.
 68. At least one computer readable medium according toclaim 64, further including means for decrypting by theencryption/decryption mechanism of the alpha blending unit when readinga cache line from a color buffer in video memory.
 69. At least onecomputer readable medium according to claim 63, further including: meansfor flipping said encrypted output content from an encrypted backprimary surface to an encrypted front primary surface of said videomemory; second means for decrypting said encrypted output content by asecond decryption mechanism of said at least one GPU in communicationwith said cryptographic processing device; and second means foroutputting said output content.
 70. At least one computer readablemedium according to claim 63, wherein said means for outputting includesmeans for outputting the encrypted content to a confidential overlayflipping chain and the computer executable modules further include:means for flipping said encrypted output content from an encrypted backconfidential surface to an encrypted front confidential surface, wherebysaid encrypting by said encryption/decryption mechanism includes meansfor encrypting utilizing stream cipher encryption; and second means fordecrypting said encrypted output content by a stream cipher decryptionmechanism of said at least one GPU in communication with saidcryptographic processing device.
 71. At least one computer readablemedium according to claim 70, the computer executable modules furthercomprising: means for encoding a location within the content prior tosaid encrypting by said means for encrypting; and means for decoding thelocation within the content after said decrypting by said second meansfor decrypting, whereby said location is externally unavailablepreserving the integrity of a plaintext-ciphertext mapping.
 72. At leastone computer readable medium according to claim 63, wherein if theoutput of said means for outputting is different than the secure contentof said means for requesting adjusted for any processing performed onsaid secure content by said at least one GPU, said one of an applicationand device is alerted to the difference.
 73. At least one computerreadable medium according to claim 63, the computer executable modulesfurther including: means for re-encrypting said content by said at leastone GPU in communication with said cryptographic processing device priorto said outputting by said means for outputting; and means fordecrypting said re-encrypted content by at least a second cryptographicprocessing device of an external computing device.
 74. At least onecomputer readable medium according to claim 73, wherein said externalcomputing device is one of (A) a monitor, (B) a set top box and (C) adigital signal processing (DSP) rendering device.
 75. At least onecomputer readable medium according to claim 63, wherein encryptedtextures and encrypted offscreen surfaces delivered by said one of anapplication and device are encoded with block ciphers, and said one ofan application and device swizzles the block ciphers with a predefinedswizzling format that converts an (x,y) location in the content to anoffset for at least one of YUV, RGB, YUY2 and packed planar formats. 76.At least one computer readable medium according to claim 63, wherein atleast one command buffer sent to a video decode unit of the at least oneGPU incident to said requesting of said means for requesting isencrypted by said at least one of an application and device anddecrypted by said video decode unit in communication with saidcryptographic processing unit.
 77. At least one computer readable mediumaccording to claim 63, the computer executable modules furthercomprising means for tamper detecting said at least one command bufferone of (A) by using two passes before consumption of the at least onecommand buffer and (B) after the command buffer has been consumed. 78.At least one of an operating system, a co-processing device, a computingdevice and a modulated data signal carrying the computer executableinstructions of the computer executable modules of the at least onecomputer readable medium of claim
 63. 79. A computing device comprisingmeans for cryptographically protecting secure content in connection witha trusted graphics system of a computing device, the trusted graphicssystem having video memory, at least one graphics processing unit (GPU)and a cryptographic processing device communicatively coupled to said atleast one GPU, comprising: means for requesting by one of an applicationand device the graphics system to perform one of processing andrendering of secure content, wherein said means for requesting includesmeans for transmitting by said one of an application and device asession key to the graphics system and means for transmitting saidsecure content to at least one encrypted portion of the video memory;means for decrypting the content of said at least one encrypted portionof video memory by said at least one GPU in communication with saidcryptographic processing device; means for performing said one ofprocessing and rendering on said decrypted content by said at least oneGPU; and means for outputting said content from the at least one GPU.80. A computing device according to claim 79, wherein if the output ofsaid means for outputting is different than the secure content of saidmeans for requesting adjusted for any processing performed on saidsecure content by said at least one GPU, said one of an application anddevice is alerted to the difference.
 81. A computing device according toclaim 79, wherein said means for transmitting includes means fortransmitting said secure content to at least one encrypted overlaysurface, which overlays at least one primary surface of said videomemory.
 82. A computing device according to claim 79, wherein said meansfor decrypting the content of said at least one encrypted portion ofvideo memory includes means for decrypting a geometrical fraction of aprimary surface, whereby pixels other than the geometrical fraction arenot decrypted.
 83. A computing device according to claim 79, wherein thecryptographic processor is permanently attached to the graphics card, byone of (A) adding the cryptographic processor to an existing chip and(B) adding the cryptographic processor as a separate chip to thegraphics card, whereby the physical connection between the cryptographicprocessor and the rest of the graphics card is not accessible and is notexposed.
 84. A computing device according to claim 81, wherein saidmeans for decrypting includes means for decrypting said at least oneencrypted overlay surface by a decryption mechanism of said GPUcommunicatively coupled to said cryptographic processing device
 85. Acomputing device according to claim 81, wherein said means fordecrypting includes one of (A) means for decrypting said at least oneencrypted overlay surface on the fly by digital to analog conversion(DAC) hardware of the graphics system as the content is output accordingto said outputting of said means for outputting and (B) means fordecrypting said at least one encrypted overlay surface on the fly justprevious to the content reaching the DAC hardware of the graphicssystem.
 86. A computing device according to claim 81, wherein said meansfor decrypting includes means for decrypting said at least one encryptedoverlay surface previous to the content reaching the DAC hardware of thegraphics system by a component having no back channel to the hostsystem.
 87. A computing device according to claim 79, further including:means for re-encrypting said content by said at least one GPU incommunication with said cryptographic processing device prior to saidoutputting by said means for outputting; and means for decrypting saidre-encrypted content by at least a second cryptographic processingdevice of an external computing device.
 88. A computing device accordingto claim 79, wherein the content is transmitted in digital form to anexternal device having a second cryptographic processing device and saiddecrypting of said means for decrypting occurs on said external device.89. A computing device according to claim 87, wherein said externalcomputing device is one of (A) a monitor, (B) a set top box and (C) adigital signal processing (DSP) rendering device.
 90. A computing deviceaccording to claim 81, wherein said means for transmitting includesmeans for transmitting said secure content to one of (A) a firstencrypted confidential overlay for basic rendering of secure content and(B) a second encrypted protected overlay specifically designed topresent sensitive user interfaces, (C) a first encrypted region of aprimary surface for basic rendering of secure content and (D) a secondencrypted region of a primary surface specifically designed to presentsensitive user interfaces.
 91. A computing device according to claim 79,wherein said means for decrypting includes means for calculating acryptographic digest of the decrypted data, and said computing devicefurther includes: means for transmitting said cryptographic digest tothe one of an application and device to ensure that the displayed pixelsare the pixels sent in connection with said requesting by the one of anapplication and device via said means for requesting.
 92. A computingdevice according to claim 90, wherein the second encrypted protectedoverlay is always-on-top and non-obscurable and wherein the contents ofthe second encrypted protected overlay are verified by said at least oneGPU.
 93. A computing device according to claim 90, wherein said meansfor decrypting includes one of (A) means for decrypting with a firststream cipher decryption component the contents of the first encryptedconfidential overlay, (B) means for decrypting with a second streamcipher decryption component the contents of the second encryptedprotected overlay, (C) means for decrypting with a first stream cipherdecryption component the contents of the first encrypted region ofprimary surface and (D) means for decrypting with a second stream cipherdecryption component the contents of the second encrypted region ofprimary surface.
 94. A computing device according to claim 93, whereinat least one bit of each pixel in a primary surface is used to determinemembership in a virtual protected surface for the pixel, wherein thegraphics card selects an appropriate decryption key for the pixel basedon said at least one bit.
 95. A computing device according to claim 94,wherein if said at least one bit contains a zero value, then the virtualprotected surface associated with said at least one bit is interpretedas a region not to decrypt.
 96. A computing device according to claim93, further including, means for selecting, once the decrypted pixelvalues are available, by a pixel select component of said at least oneGPU the pixel value of one of (A) the second encrypted protectedoverlay, (B) the first encrypted confidential overlay and (3) a primarysurface.
 97. A computing device according to claim 90, wherein saidrequesting of said means for requesting includes at least one of (A) asource and destination bounding box of said at least one encryptedoverlay surface, (B) a destination color key of said at least oneencrypted overlay surface, (C) in the case of the first encryptedconfidential overlay, a specification of an encryption key index of thecontents of an overlay back buffer to which the data is to be flipped(D) in the case of the second encrypted protected overlay, aspecification of a memory location where at least one of a cyclicredundancy code (CRC), an integrity measure and a digest value of thedecrypted overlay contents are to be written, (E) a source anddestination bounding box of at least one encrypted primary surface, and(F) a destination color key of said at least one encrypted primarysurface.
 98. A computing device according to claim 97, wherein said oneof an application and device calculates said at least one of the CRC,integrity measure and digest value if said one of an application anddevice is concerned with integrity of the content.
 99. A computingdevice according to claim 79, wherein at least one command buffer sentto a video decode unit of the at least one GPU incident to saidrequesting of said means for requesting is encrypted by said at leastone of an application and device and decrypted by said video decode unitin communication with said cryptographic processing unit.
 100. Acomputing device according to claim 99, further comprising means fortamper detecting said at least one command buffer one of (A) by usingtwo passes before consumption of the at least one command buffer and (B)after the command buffer has been consumed.
 101. A computing devicecomprising computer executable modules including computer executableinstructions for cryptographically protecting secure content inconnection with a trusted graphics system of a computing device, thetrusted graphics system having video memory, at least one graphicsprocessing unit (GPU) and a cryptographic processing devicecommunicatively coupled to said at least one GPU, comprising: means forrequesting, by one of an application and device, the graphics system toperform one of processing and rendering of secure content, wherein saidmeans for requesting includes means for transmitting by said one of anapplication and device a session key to the graphics system forverification by the cryptographic processing device and transmittingsaid secure content to at least one encrypted portion of the videomemory; means for decrypting the content of said at least one encryptedportion of video memory by a decryption mechanism of an input unit ofsaid at least one GPU, wherein said decryption mechanism is incommunication with said cryptographic processing device; means forperforming said one of processing and rendering on said decryptedcontent by said at least one GPU; means for encrypting said content withan encryption/decryption mechanism of an output unit of the at least oneGPU; and means for outputting said encrypted content from the at leastone GPU.
 102. A computing device according to claim 101, wherein saidinput unit is a texture mapping unit and said output unit is an alphablending unit, and wherein said at least one encrypted portion of saidvideo memory is an encrypted texture surface.
 103. A computing deviceaccording to claim 101, wherein said secure content is one of texturedata, plaintext and video macroblocks.
 104. A computing device accordingto claim 101, wherein said means for encrypting and means for decryptingincludes means for encrypting and means for decrypting using blockciphers, respectively.
 105. A computing device according to claim 102,wherein said decryption mechanism of the texture mapping unit decryptson a cache line fill and wherein the encryption/decryption mechanism ofthe alpha blending unit encrypts before writing.
 106. A computing deviceaccording to claim 102, further including means for decrypting by theencryption/decryption mechanism of the alpha blending unit when readinga cache line from a color buffer in video memory.
 107. A computingdevice according to claim 101, further including: means for flippingsaid encrypted output content from an encrypted back primary surface toan encrypted front primary surface of said video memory; second meansfor decrypting said encrypted output content by a second decryptionmechanism of said at least one GPU in communication with saidcryptographic processing device; and second means for outputting saidoutput content.
 108. A computing device according to claim 101, whereinsaid means for outputting includes means for outputting the encryptedcontent to a confidential overlay flipping chain and the computerexecutable modules further include: means for flipping said encryptedoutput content from an encrypted back confidential surface to anencrypted front confidential surface, whereby said encrypting by saidencryption/decryption mechanism includes means for encrypting utilizingstream cipher encryption; and second means for decrypting said encryptedoutput content by a stream cipher decryption mechanism of said at leastone GPU in communication with said cryptographic processing device. 109.A computing device according to claim 108, further comprising: means forencoding a location within the content prior to said encrypting by saidmeans for encrypting; and means for decoding the location within thecontent after said decrypting by said second means for decrypting,whereby said location is externally unavailable preserving the integrityof a plaintext-ciphertext mapping.
 110. A computing device according toclaim 101, wherein if the output of said means for outputting isdifferent than the secure content of said means for requesting adjustedfor any processing performed on said secure content by said at least oneGPU, said one of an application and device is alerted to the difference.111. A computing device according to claim 101, the computer executablemodules further including: means for re-encrypting said content by saidat least one GPU in communication with said cryptographic processingdevice prior to said outputting by said means for outputting; and meansfor decrypting said re-encrypted content by at least a secondcryptographic processing device of an external computing device.
 112. Acomputing device according to claim 111, wherein said external computingdevice is one of (A) a monitor, (B) a set top box and (C) a digitalsignal processing (DSP) rendering device.
 113. A computing deviceaccording to claim 101, wherein encrypted textures and encryptedoffscreen surfaces delivered by said one of an application and deviceare encoded with block ciphers, and said one of an application anddevice swizzles the block ciphers with a predefined swizzling formatthat converts an (x,y) location in the content to an offset for at leastone of YUV, RGB, YUY2 and packed planar formats.
 114. A computing deviceaccording to claim 101, wherein at least one command buffer sent to avideo decode unit of the at least one GPU incident to said requesting ofsaid means for requesting is encrypted by said at least one of anapplication and device and decrypted by said video decode unit incommunication with said cryptographic processing unit.
 115. A computingdevice according to claim 101, the computer executable modules furthercomprising means for tamper detecting said at least one command bufferone of (A) by using two passes before consumption of the at least onecommand buffer and (B) after the command buffer has been consumed.